Description
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/
Related Vulnerabilities
CVE-2019-10400 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2019-17513 Vulnerability in maven package io.ratpack:ratpack-core
CVE-2023-31125 Vulnerability in npm package engine.io
CVE-2023-33001 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin
CVE-2020-7020 Vulnerability in maven package org.elasticsearch:elasticsearch